Unable to login on Passkeys.eu #61

Open
rajakeenu opened this issue Apr 25, 2024 · 11 comments

Comments

@rajakeenu

When I created an account on iOS and tried to log in from Android, it didn't work. But when I created an account on Android and then logged in from iOS, it worked fine using your website passkeys.eu.

Why am I unable to log in from Android after creating an account using an iOS device?

@vincentdelitz
Contributor

Hey @rajakeenu,

Are you talking about a Flutter app where you want to log in or the Corbado demo web app at passkeys.eu?

@rajakeenu
Author

rajakeenu commented Apr 25, 2024 via email

@rajakeenu
Author

One more issue I am facing is that my assetlink file is not publicly available, and because of this FIDO is not opening on a Redmi mobile. But when I try the same thing on a Samsung mobile using Samsung Passkeys, it works. How is that possible? If I do FIDO authentication using Gmail on Samsung, it does not work, but the same thing works with Samsung Passkeys.

It is this exception, except with Samsung Passkey: PlatformException(android-unhandled:_androidx.credentials.TYPE_CREATE_PUBLIC_KEY_CREDENTIAL_DOM_EXCEPTION/androidx.credentials.TYPE_SECURITY_ERROR,_The_incoming_request_cannot_be_validated,_The_incoming_request_cannot_be_validated,_null)

@vincentdelitz
Contributor

@rajakeenu I think you're describing two different problems and two different applications, right?

  1. The first problem is regarding the creation of a passkey in our demo at https://passkeys.eu. This is a standalone web app hosted by us (not built in Flutter) and has nothing to do with any native app. Regarding the different behavior on Android & iOS: it depends on which passkey provider you create and store the passkey in. If you use the default, it's iCloud Keychain on iOS and Google Password Manager on Android. So, actually, sharing a passkey between these two passkey providers is not possible (regardless of where you created the passkey and where you tried to log in). What happens in the demo is that we allow you to create another passkey after successful email OTP confirmation. Is that what you did?
  2. Regarding the second option: are you hosting the association file yourself or are you using our hosted relying party server?
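
An offline check for the association file discussed above, added here as an example (it is not part of the thread or of the project's code): it validates the body served at `/.well-known/assetlinks.json` against an app's package name and signing-certificate fingerprint, and reports why the link would not verify. The package name, fingerprint and sample documents are constructed; `delegate_permission/common.get_login_creds` is the relation Android documents for credential sharing.

```python
import json
import re

# Relation Android documents for letting an app use a site's sign-in credentials.
LOGIN_CREDS = "delegate_permission/common.get_login_creds"
FINGERPRINT_RE = re.compile(r"^[0-9A-F]{2}(:[0-9A-F]{2}){31}$")

# Constructed sample values (not taken from the thread).
PKG = "com.example.pay"
FP = ":".join(f"{i:02X}" for i in range(32))


def statement(relations, package=PKG, fingerprints=(FP,)):
    """Build one constructed Digital Asset Links statement."""
    return {"relation": list(relations),
            "target": {"namespace": "android_app", "package_name": package,
                       "sha256_cert_fingerprints": list(fingerprints)}}


GOOD = json.dumps([statement(["delegate_permission/common.handle_all_urls", LOGIN_CREDS])])
NO_RELATION = json.dumps([statement(["delegate_permission/common.handle_all_urls"])])
LOGIN_PAGE = "<html><body>Sign in</body></html>"  # constructed non-JSON response


def check_assetlinks(body, package_name, cert_fingerprint):
    """Return a list of problems; an empty list means the app is linked."""
    wanted = cert_fingerprint.upper()
    if not FINGERPRINT_RE.match(wanted):
        return ["expected fingerprint is not a colon-separated SHA-256 digest"]
    try:
        statements = json.loads(body)
    except ValueError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(statements, list):
        return ["top level must be a JSON array of statements"]
    problems = []
    for st in statements:
        target = st.get("target") if isinstance(st, dict) else None
        if not isinstance(target, dict):
            continue
        if (target.get("namespace"), target.get("package_name")) != ("android_app", package_name):
            continue
        if LOGIN_CREDS not in st.get("relation", []):
            problems.append(f"statement for {package_name} lacks relation {LOGIN_CREDS}")
        elif wanted not in [str(p).upper() for p in target.get("sha256_cert_fingerprints", [])]:
            problems.append(f"signing certificate of {package_name} is not listed")
        else:
            return []
    return problems or [f"no android_app statement for {package_name}"]
```

Feed it the exact response body an unauthenticated client receives for the file; a response that is an HTML page rather than JSON shows up as the first problem.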

@rajakeenu
Author

rajakeenu commented May 2, 2024

In a Flutter app on iOS, after signing up for an account using passkeys, when attempting to log in, why does it log in with Samsung mobile using Samsung Passkey?
Also,

When you sign up for an account in a Flutter app on Android and use Google Password Manager, why does it login with Samsung Passkeys on Samsung devices?

@vincentdelitz
Contributor

@rajakeenu apparently Samsung Pass is set up to be your passkey provider / passkey management system. Usually, there is a dialogue in the passkey creation screen, where you can switch the passkey provider. The default passkey provider can be changed in your device settings.

@rajakeenu
Author

@vincentdelitz The issue we are facing while using Samsung Pass is that if I sign up for an account using Google Password Manager, it automatically signs in on Samsung devices using Samsung Pass. How can I stop this?

@vincentdelitz
Contributor

You can change the default passkey provider in the settings:
image

@rajakeenu
Author

@vincentdelitz, let me explain. I'm developing a payment app where users can add their accounts using Passkey registration and do payments using the Passkey authentication. The issue arises when a user links their account via a Redmi device (Google password manager) but later logs in on a Samsung device using the same account. When making a payment, the Samsung Passkey is prompted, and the user successfully authenticates the transaction. How is this possible when the user initially linked their account using Google password manager?

@rajakeenu
Author

@vincentdelitz, let me explain. I'm developing a payment app where users can add their accounts using Passkey registration and do payments using the Passkey authentication. The issue arises when a user links their account via a Redmi device (Google password manager) but later logs in on a Samsung device using the same account. When making a payment, the Samsung Passkey is prompted, and the user successfully authenticates the transaction. How is this possible when the user initially linked their account using Google password manager?

@vincentdelitz
Contributor

@rajakeenu thanks for the additional information.

That's indeed very interesting and from what you have described, it should not be possible. Can you delete all the passkeys from Google Password Manager and Samsung Pass, set up a new account and share screenshots of the behavior? Are you sure that there were not two passkeys added to this account?
